--check /api/uploadRecordDiscount/
local iputils = require("resty.iputils")
local whitelist_ips = {
        "59.42.24.0/22", -- office
	"47.96.188.198", -- t-pdd	
	"116.62.119.31", -- t-pdd1
	"116.62.231.140",  -- t
	"47.96.158.186", -- t1
	"47.96.184.200", -- t2
	"120.26.194.95", -- tb1
	"114.55.146.233", -- tb2
	"121.41.168.222", -- tb3
	"120.27.154.72", -- app-up
	"114.215.252.24", -- ons
	"121.199.183.85" -- shujubao aliexpress
	"39.98.95.196" --jushita-ons
}

local headers = ngx.req.get_headers()
local client_ip = headers["X-FORWARDED-FOR"] or ngx.var.remote_addr or headers["X-REAL-IP"]


string.split = function(s, p)
    local rt= {}
    string.gsub(s, '[^'..p..']+', function(w) table.insert(rt, w) end )
    return rt
end

function get_client_ip()
	local headers = ngx.req.get_headers()
	local client_ip = headers["X-FORWARDED-FOR"] or ngx.var.remote_addr or headers["X-REAL-IP"]
	if #client_ip > 15 then
		return string.split(client_ip,',')[1]	
	end
	return client_ip
end

whitelist = iputils.parse_cidrs(whitelist_ips)
if not iputils.ip_in_cidrs(get_client_ip() , whitelist) then
        return ngx.exit(ngx.HTTP_FORBIDDEN)
end
